Privacy Policy

Privacy Policy

of the company: 

ROYAL NYX GmbH, Hagenau 87, 22089 Hamburg

www.royal-nyx.de

Managing Director: Eva Maschek 

Tax number 43/755/01274 

Hamburg-Barmbek-Uhlenhorst 

VAT ID No. DE 316939202

HRB 150158

  • General information
  • This privacy policy contains detailed information about what happens to your personal data when you visit our website www.royal-nyx.com. Personal data is all data with which you can be personally identified. When processing your data, we strictly adhere to the legal provisions, in particular the General Data Protection Regulation ("GDPR"), and attach great importance to ensuring that your visit to our website is absolutely secure.
  • Responsible body
  • The person responsible for data protection and the collection and processing of personal data on this website is:

    First name, last name: Eva Maschek
    Street, house number: Richard-Dehmel-Str. 6
    Postal code, city: 22587 Hamburg
    Country: Germany
    Email: evamaschek@royal-nyx.de
    Phone: 01716245065
  • Newsletter
  • If you have expressly consented, we will regularly send our newsletter to your email address. To receive our newsletter, you must provide us with your email address and then verify it. Additional data is not collected or is voluntary. The data is used solely for sending the newsletter.
  • The data provided when registering for the newsletter will be processed exclusively on the basis of your consent in accordance with Art. 6 Paragraph 1 Letter a of GDPR. You can revoke your consent at any time. To revoke your consent, simply send us an informal email or unsubscribe using the "unsubscribe" link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
  • Data entered to set up the subscription will be deleted if you unsubscribe. If this data has been sent to us for other purposes and elsewhere, it will remain with us.
  • Contact form
  • If you contact us by email or via a contact form, the data you provide, including your contact details, will be stored in order to process your request or to be available for follow-up questions. This data will not be passed on without your consent.
  • The data entered in the contact form is processed exclusively on the basis of your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke your consent at any time. An informal notification by email is sufficient for the revocation. The legality of the data processing operations carried out up to the revocation remains unaffected by the revocation.
  • Data transmitted via the contact form will remain with us until you request deletion, revoke your consent to storage or there is no longer any need to store the data. Mandatory legal provisions - in particular retention periods - remain unaffected.
  • Storage period of posts and comments
  • Posts and comments as well as related data, such as IP addresses, are stored. The content remains on our website until it has been completely deleted or had to be deleted for legal reasons.
  • The posts and comments are stored on the basis of your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke your consent at any time. An informal notification by email is sufficient for the revocation. The legality of data processing operations that have already taken place remains unaffected by the revocation.
  • Customer account
  • If you open a customer account, you agree that your inventory data such as name, address, email address and bank details as well as your usage data (user name, password) will be saved. This gives you the opportunity to order from us using your email address and your personal password.
  • Online payments
  • If you order goods or services in our online shop, it is necessary for the fulfillment of the contract that you provide your personal data that is necessary for processing your order. The mandatory information required for contract processing is marked separately. Depending on the payment method selected, the data required for payment processing will be forwarded to the relevant payment service providers. Your data will be processed on the legal basis of Art. 6 Paragraph 1 Sentence 1 Letter b) GDPR.
    • Klarna

      Our website allows payment via Klarna. The payment service provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden.
      When paying with Klarna (Klarna checkout solution), Klarna collects various personal data from you. You can find details in Klarna's privacy policy at: https://www.klarna.com/de/datenschutz/.
      Klarna uses cookies to optimize the Klarna checkout solution. This optimization represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. Cookies are small text files that your web browser stores on your device. Klarna cookies remain on your device until you delete them. Details on the use of Klarna cookies can be found at: https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf.
      Your data will be transmitted to Klarna on the basis of Art. 6 (1) (a) GDPR (consent) and Art. 6 (1) (b) GDPR (processing to fulfill a contract). You can revoke your consent at any time. Data processing operations that took place in the past remain effective if you revoke your consent.
    • Mastercard

      We use the payment service provider Mastercard on our website. The service provider is the American company Mastercard Inc. The company responsible for Europe is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium.
      The data processing is essentially carried out by Mastercard. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. It may also happen that this data is linked to data from other Mastercard services where you have a user account.
      You can find out more about the data processed through the use of Mastercard in the Privacy Policy at https://www.mastercard.de/de-de/datenschutz.html.
    • PayPal

      We use the online payment service PayPal on our website. The service provider is the American company PayPal Inc. The company responsible for Europe is PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg.
      The data processing is mainly carried out by PayPal. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. It may also happen that this data is linked to data from other PayPal services where you have a user account.
      You can find out more about the data processed through the use of PayPal in the Privacy Policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
    • Instant bank transfer

      Our website allows payment via “Sofortüberweisung”. The payment service provider is Sofort GmbH, Theresienhöhe 12, 80339 Munich.
      Using the “Instant Transfer” process, we receive a payment confirmation from Sofort GmbH in real time and can begin to meet our obligations immediately.
      When paying by "instant transfer", your PIN and TAN are sent to Sofort GmbH. The payment provider then logs into your online banking account, automatically checks your account balance and makes the transfer. The transaction is then confirmed immediately. Your transactions, the credit limit of your overdraft facility and the existence of other accounts and their balances are also automatically checked after logging in.
      In addition to PIN and TAN, the transmission to Sofort GmbH also includes payment data and personal data. Your personal data includes your first and last name, address, telephone number(s), email address, IP address and, if applicable, other data required for payment processing. This data transmission is necessary in order to establish your identity beyond doubt and to prevent attempted fraud.
      Your data will be transmitted to Sofort GmbH on the basis of Art. 6 (1) (a) GDPR (consent) and Art. 6 (1) (b) GDPR (processing to fulfill a contract). You can revoke your consent at any time. Data processing operations that took place in the past remain effective if you revoke your consent.
      Details on payment with Sofortüberweisung can be found at: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.
    • Visa

      We offer payments with Visa on our website. The service provider is the American company Visa Inc. The company responsible for Europe is Visa Europe Services Inc., 1 Sheldon Square, London W2 6TT, Great Britain.
      The data processing is mainly carried out by Visa. This may mean that data is not processed and stored anonymously. In addition, US government authorities may have access to individual data. It may also happen that this data is linked to data from other Visa services for which you have a user account.
      You can find out more about the data processed through the use of Visa in the Privacy Policy at https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.
  • Data use and sharing
  • We will not sell or otherwise market the personal data that you provide to us, for example when placing an order or by email (e.g. your name and address or your email address) to third parties. Your personal data will only be processed for correspondence with you and only for the purpose for which you provided the data to us. To process payments, we pass on your payment details to the credit institution responsible for the payment.

    The data that is automatically collected when you visit our website is only used for the purposes stated above. The data will not be used for any other purpose.
    We assure you that we will not pass on your personal data to third parties unless we are legally obliged to do so or you have given us your prior consent.
  • SSL or TLS encryption
  • Our website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the website operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
  • If SSL or TLS encryption is activated, the data you send to us cannot be read by third parties.
  • Storage period
  • Personal data that has been communicated to us via our website will only be stored until the purpose for which it was entrusted to us has been fulfilled. Insofar as commercial and tax retention periods must be observed, the storage period for certain data can be up to 10 years.
  • Rights of data subjects
  • With regard to the personal data concerning you, as a data subject, you have the following rights vis-à-vis the controller in accordance with the statutory provisions:
    • Right of withdrawal
      Many data processing operations are only possible with your express consent. If the processing of your data is based on your consent, you have the right to revoke your consent to the processing of data at any time with future effect in accordance with Art. 7 Para. 3 GDPR. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation. Storage of data for billing and accounting purposes remains unaffected by a revocation.
    • Right to information
      You have the right, in accordance with Art. 15 GDPR, to request confirmation from us as to whether we process personal data concerning you. If such processing has taken place, you have the right to information about your personal data processed by us, the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it was not collected from you by us, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing concerning you, as well as your right to be informed of the guarantees in accordance with Art. 46 GDPR when your data is forwarded to third countries.
    • Right to rectification

      You have the right to request the immediate rectification of inaccurate personal data concerning you and/or the completion of your incomplete data at any time in accordance with Art. 16 GDPR.
    • Right to erasure

      You have the right to request the erasure of your personal data in accordance with Art. 17 GDPR if one of the following reasons applies:
      • Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
      • You withdraw your consent on which the processing is based according to Art. 6 Para. 1 lit. a or Art. 9 Para. 2 lit. a GDPR, and there is no other legal basis for the processing.
      • You object to the processing pursuant to Art. 21 Para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 Para. 2 GDPR.
      • The personal data were processed unlawfully.
      • The erasure of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member State to which we are subject.
      • The personal data were collected in relation to information society services offered in accordance with Art. 8 (1) GDPR.

    • However, this right does not apply if the processing is necessary:
      • to exercise the right to freedom of expression and information;
      • to fulfill a legal obligation which requires processing by Union or Member State law to which we are subject or to perform a task carried out in the public interest or in the exercise of official authority vested in us;
      • for reasons of public interest in the area of ​​public health pursuant to Art. 9 (2)(h) and (i) and Art. 9 (3) GDPR;
      • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the rights of the data subject are likely to render the achievement of the objectives of this processing impossible or seriously compromise it, or
      • to assert, exercise or defend legal claims.

    • If we have made your personal data public and are obliged to delete it in accordance with the above, we will take appropriate measures, including technical ones, taking into account the available technology and the implementation costs, to inform data controllers which process the personal data that you, as the data subject, have requested that they delete all links to your personal data or copies or replications of these personal data.
    • Right to restriction of processing

      You have the right to request the restriction of processing (blocking) of your personal data in accordance with Art. 18 GDPR. You can contact us at any time using the address provided in the imprint. The right to restrict processing exists in the following cases:
      • If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the check, you have the right to request that the processing of your personal data be restricted.
      • If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.
      • If we no longer need your personal data, but you require it to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of deleted.
      • If you have lodged an objection in accordance with Art. 21 Para. 1 GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request that the processing of your personal data be restricted.

    • If you have restricted the processing of your personal data, these data may - with the exception of storage - only be processed with your consent or for the establishment, exercise or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the EU or a Member State.
    • Right to information
      If you have asserted your right to rectification, erasure or restriction of processing against us, we are obliged to inform all recipients to whom your personal data was disclosed of said rectification, erasure or restriction of processing, unless doing so should prove impossible or involve disproportionate expenditure. Pursuant to Art. 19 GDPR, you have the right to be informed of these recipients upon request.
    • Right not to be subjected to a decision based solely on automated processing – including profiling
      According to Art. 22 GDPR, you have the right not to be subjected to a decision based solely on automated processing – including profiling – that produces legal effects concerning you or significantly affects you in a similar way.
      This does not apply if the decision
      • is necessary for the conclusion or performance of a contract between you and us,
      • is permitted by Union or Member State law to which the controller is subject, and this law contains appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, or
      • with your express consent.

    • However, the decisions in the cases referred to in (a) to (c) must not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2)(a) or (g) applies and appropriate measures to protect your rights and freedoms as well as your legitimate interests have been taken.
      In the cases referred to in (a) and (c), we shall take appropriate measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
    • Right to data portability
      If the processing is based on your consent in accordance with Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or on a contract in accordance with Art. 6 Para. 1 lit. b GDPR and is carried out using automated procedures, you have the right, in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format and to transmit it to another controller or to request that it be transmitted to another controller, provided that this is technically feasible.
    • Right of objection
      Insofar as we base the processing of your personal data on the balance of interests pursuant to Art. 6 Para. 1 lit. f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on this provision. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims (objection pursuant to Art. 21 Para. 1 GDPR).
      If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling insofar as it is associated with such direct marketing. If you object, your personal data will subsequently no longer be used for the purposes of direct marketing (objection in accordance with Art. 21 Para. 2 GDPR).
      In connection with the use of information society services, you have the option of exercising your right of objection by means of automated procedures that use technical specifications, regardless of Directive 2002/58/EC.
    • Right to lodge a complaint with the competent supervisory authority pursuant to Art. 77 GDPR
      In the event of violations of the GDPR, those affected have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged violation. The right to lodge a complaint is without prejudice to other administrative or judicial remedies.
      The supervisory authority responsible for us is:

      The Hamburg Commissioner for Data Protection and Freedom of Information

      Ludwig-Erhard-Str. 22 7th floor
      20459 Hamburg

      Telephone: 040/428 54-40 40
      Email: mailbox@datenschutz.hamburg.de
      Internet: https://www.datenschutz-hamburg.de
  • Validity and modification of this privacy policy
  • This privacy policy is valid from May 31, 2024. We reserve the right to change this privacy policy at any time in compliance with the applicable data protection regulations. This may be necessary, for example, to comply with new legal provisions or to take into account changes to our website or new services on our website. The version available at the time of your visit applies.
  • Should this privacy policy change, we intend to post any changes to our privacy policy on this page so that you are fully informed of what personal information we collect, how we use it, and under what circumstances it may be disclosed.

©2002-2024 LEGAL DOCUMENTS (Sequiter Inc.)